2007/1/25, Alessandro de Souza Rocha <[EMAIL PROTECTED]>:
> 2007/1/25, Alessandro de Souza Rocha <[EMAIL PROTECTED]>:
> > 2007/1/25, Cristina Fernandes Silva <[EMAIL PROTECTED]>:
> > > The rest is this.
> > >
> > >
> > > # Doing NAT
> > > nat on $int_ext from $rede to any -> $int_ext
> > > nat on $int_ext from <baixa> to any -> $int_ext
> > > nat on $int_ext from <bmedia> to any -> $int_ext
> > > nat on $int_ext from <media> to any -> $int_ext
> > > nat on $int_ext from <alta> to any -> $int_ext
> > > nat on $int_ext from <center> to any -> $int_int
> > >
> > >
> > > # Redirection
> > > #--------------------------------
> > > rdr on $int_int proto tcp from any to any port 80 -> $server1 port 3128
> > >
> > > # ... filtering section
> > >
> > > # blocking everything by default
> > > block in log on $int_ext from any to any
> > >
> > > # blocking spoofing
> > > antispoof for { $int_ext } inet
> > >
> > > # blocking scanners
> > > block drop in quick on { $int_ext } from any os { NMAP }
> > >
> > > # blocking IPv6 traffic
> > > block log quick inet6
> > >
> > > # Allowing loopback
> > > pass quick on lo0 all
> > >
> > > # allowing ping/traceroute
> > > pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
> > > pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
> > >
> > > # Opening ports
> > > #INCOMING
> > > #TCP
> > > pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN flags S/SA keep state
> > > #UDP
> > > #pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN keep state
> > > #PING
> > > pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING keep state
> > >
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 22
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 21
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 20
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 25
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 53
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 80
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 443
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 110
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 8080
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 6667
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 6891
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 6893
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 6900
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 1213
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 1214
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 1832
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 3094
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 3622
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 2216
> > > pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags S/SA keep state
> > >
> > > #OUTGOING
> > > #EXTERNAL INTERFACE
> > >
> > > #TCP
> > > pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT flags S/SA keep state
> > >
> > > #UDP
> > > pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT keep state
> > >
> > > #ICMP
> > > pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING keep state
> > >
> > > # Allowing access
> > > pass in log on $int_ext from <baixa> to any queue baixa_in
> > > pass in log on $int_ext from <bmedia> to any queue bmedia_in
> > > pass in log on $int_ext from <media> to any queue media_in
> > > pass in log on $int_ext from <alta> to any queue alta_in
> > > pass in log on $int_ext from <center> to any queue center_in
> > >
> > > pass in log on $int_ext from <baixa> to any
> > > pass in log on $int_ext from <bmedia> to any
> > > pass in log on $int_ext from <media> to any
> > > pass in log on $int_ext from <alta> to any
> > > pass in log on $int_ext from <center> to any
> > >
> > >
> > > Thank you
> > >
> > >
> > > Cristina
> > >
> > > -------------------------
> > > Archive: http://www.fug.com.br/historico/html/freebsd/
> > > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
> > >
> > Cristina, an example for you.
> >
> > altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
> > queue dflt_out bandwidth 5% cbq(default)
> > queue local bandwidth 50%
> > queue wireless bandwidth 40%
> >
> > altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
> > queue dflt_in bandwidth 10% cbq(default)
> > queue cpd 50%
> > queue radio bandwidth 40%
> >
> > pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
> > pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
> > pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd
> > pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio
> >
> >
> > --
> > Alessandro de Souza Rocha
> > Network and Systems Administrator
> > Freebsd-BR User #117
> >
>
> --
> Alessandro de Souza Rocha
> Network and Systems Administrator
> Freebsd-BR User #117
>

Sorry for the mistake above. My configuration follows below.

# Queueing: rule-based bandwidth control.
altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
queue dflt_out bandwidth 5% cbq(default)
queue local bandwidth 50%
queue wireless bandwidth 40%

altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
queue dflt_in bandwidth 5% cbq(default)
queue cpd bandwidth 50%
queue radio bandwidth 40%

pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
pass out on $ext_if from 192.168.0.0/24 to any keep state queue local
pass out on $ext_if from 100.100.100.0/24 to any keep state queue wireless

firewall# pfctl -s queue
queue root_sis0 bandwidth 1Mb priority 0 cbq( wrr root ) {dflt_out, local, wireless}
queue dflt_out bandwidth 50Kb cbq( default )
queue local bandwidth 500Kb
queue wireless bandwidth 400Kb
queue root_rl0 bandwidth 1Mb priority 0 cbq( wrr root ) {dflt_in, cpd, radio}
queue dflt_in bandwidth 50Kb cbq( default )
queue cpd bandwidth 500Kb
queue radio bandwidth 400Kb

--
Alessandro de Souza Rocha
Network and Systems Administrator
Freebsd-BR User #117
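
An added example, not part of the original thread: a small consistency check for the ALTQ/CBQ rules above that resolves the percentage bandwidths to the absolute values `pfctl -s queue` reports and flags the two mistakes corrected in the follow-up. The names `check`, `FIXED` and `BROKEN` are hypothetical; the parser covers only the subset of pf.conf syntax used in this thread, and treating a rule that assigns a queue declared on another interface as a finding is this checker's own assumption.

```python
import re

# Constructed input: the corrected ALTQ rules from the follow-up message.
FIXED = """\
altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
queue dflt_out bandwidth 5% cbq(default)
queue local bandwidth 50%
queue wireless bandwidth 40%
altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
queue dflt_in bandwidth 5% cbq(default)
queue cpd bandwidth 50%
queue radio bandwidth 40%
pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
pass out on $ext_if from 192.168.0.0/24 to any keep state queue local
pass out on $ext_if from 100.100.100.0/24 to any keep state queue wireless
"""
# The two mistakes of the first posting, re-introduced into the corrected text.
BROKEN = (FIXED.replace("cpd bandwidth", "cpd")
          .replace("queue local\n", "queue cpd\n")
          .replace("queue wireless\n", "queue radio\n"))

ALTQ = re.compile(r"altq on (\S+) bandwidth (\d+)(Kb|Mb) cbq queue \{([^}]*)\}")
QUEUE = re.compile(r"queue (\S+)(.*)")
RULE = re.compile(r"pass \w+ on (\S+) .* queue (\S+)$")

def check(conf):
    """Return ({queue: Kb}, [findings]); handles percentage bandwidths only."""
    owner, link, kb, problems = {}, {}, {}, []
    for line in map(str.strip, conf.splitlines()):
        if m := ALTQ.match(line):
            iface, n, unit, kids = m.groups()
            link[iface] = int(n) * (1000 if unit == "Mb" else 1)
            owner.update((q, iface) for q in re.findall(r"\w+", kids))
        elif m := QUEUE.match(line):
            pct = re.search(r"bandwidth (\d+)%", m.group(2))
            if m.group(1) in owner and pct:
                kb[m.group(1)] = link[owner[m.group(1)]] * int(pct.group(1)) // 100
            else:
                problems.append(f"queue {m.group(1)}: undeclared or no 'bandwidth N%'")
        elif m := RULE.match(line):
            iface, q = m.groups()
            if owner.get(q) != iface:
                problems.append(f"rule on {iface}: queue {q} belongs to {owner.get(q)}")
    for iface, cap in link.items():
        if sum(v for q, v in kb.items() if owner[q] == iface) > cap:
            problems.append(f"{iface}: child queues exceed {cap}Kb")
    return kb, problems
```

`check(FIXED)` returns no findings and the same per-queue values as the `pfctl -s queue` output above; `check(BROKEN)` reports the `queue cpd` line and both `$ext_if` rules.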